
Understanding Information Security

Understanding Information Security. ISO 17799 / BS7799. Adaptive Processes. Just Imagine… What will happen if our current office can’t be used for a few days because of fire? What will happen if our competitor hacks into our network and gets all sensitive information?

anika

Presentation Transcript


  1. Understanding Information Security: ISO 17799 / BS7799. Adaptive Processes. Simpler, Faster, Better.

  2. Just Imagine…
     • What will happen if our current office can’t be used for a few days because of fire?
     • What will happen if our competitor hacks into our network and gets all sensitive information?
     • What will happen if our communication link to our customer goes down for a prolonged period?
     • And many more…

  3. So The Implications Are…
     • Information security is essential to maintain competitive edge, cash flow, profitability, legal compliance and commercial image
     • It is extremely critical for us to identify, assess and take preventive / corrective measures for the risks that our business faces
     • It is legally required to protect the information that customers provide us

  4. Global Information Village

  5. Information Criticality
     [Diagram labels: Basic Operations; Business Reflexes; Strategic Thinking; Digital Nervous System; Customer Interaction]
     Information systems are the nervous system of an information enterprise. Failure of the nervous system indicates failure of the organization.

  6. Understanding Information Security
     • Confidentiality
       • Ensuring that information is accessible only to those authorized to have access
     • Integrity
       • Safeguarding the accuracy and completeness of information and processing methods
     • Availability
       • Ensuring that authorized users have access to information and associated assets when required

  7. Securing Information
     [Diagram labels: TECHNOLOGY; POLICIES, PROCESSES, STANDARDS, TRAINING; HUMAN FIREWALL; INFORMATION; ATTACK]

  8. Introducing ISO 17799
     • Provides recommendations for information security management for use by those who are responsible for initiating, implementing or maintaining security in their organization
     • Provides a common basis for developing organizational security standards and effective security management practice and to provide confidence in inter-organizational dealings

  9. ISO 17799
     What it is:
     • An internationally recognized structured methodology dedicated to information security
     • A defined process to evaluate, implement, maintain, and manage information security
     What it is not:
     • A technical standard
     • Product or technology driven
     • An equipment evaluation methodology (such as the Common Criteria/ISO 15408)

  10. ISO 17799
     What it is:
     • A comprehensive set of controls comprised of best practices in information security
     • Developed by industry for industry
     What it is not:
     • Related to the "Generally Accepted System Security Principles," or GASSP
     • Related to the five-part "Guidelines for the Management of IT Security," or GMITS/ISO TR 13335
